Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:33 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
C:\Program Files\Common
Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Local
Settings\Application
Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...s/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...s/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: Show Norton Toolbar -
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton
360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common
Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"
-t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"
-t (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}
(Musicnotes Viewer) -
http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...Content/vc/bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}
(Microsoft Data Collection Control) -
https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellso...atic/controls/WebflowActiveXInstaller_6-1-2.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins005.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B}
(SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../v6/V5Controls/en/x86/client/wuweb_site.cab?1133556465031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...edContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862}
(Symantec Download Manager) -
https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM
Access Support) -
http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ifilmUploadClient.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
(Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.lln.../cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.lln...cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.lln.../cabs/NBCUniversal_1_0_0_3.cab
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec
Corporation - C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service
(CLTNetCnService) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications,
Inc. - C:\Program Files\Common
Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner -
C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown
owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. -
C:\Program Files\Common Files\Symantec Shared\Support
Controls\ssrc.exe
--
End of file - 8683 bytes